Hi,
I am facing a problem with a TextField (Vaadin 7.3.3) having a user input containing HTML tags. This is recognised by our (web application) firewall as XSS and gets blocked. Here is the UIDL POST request:
POST /admin/v1/UIDL/?v-uiId=0 HTTP/1.1
Host: some.server.com
Connection: keep-alive
Content-Length: 174
Origin: https://some.server.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://some.server.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: AL_SESS-S=AAABLs2qH_JhNTJiNzkyNzg0Y2YzNmZjZWQxMDViNDY0ODgzZjNlMQAAKfkkVjRg4fiA6HX3DJzfoGo4i!0=
{"csrfToken":"f26c6fd9-a3ba-4d01-9644-953f6d8fef9d", "rpc":[["83","v","v",["c",["i","0"]
]],["84","v","v",["text",["s","<html>"]
]],["84","v","v",["c",["i","6"]
]]], "syncId":8
Please note the snippet in the JSON.
Is there any way to work around this? I would prefer to solve this by Vaadin means and not by changing the firewall rules, making the application dependent on the environment.
Thanks in advance and kind regards
Michael